News

4 reasons why veterans thrive as cybersecurity professionals

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, professional, SpecterOps, threats, training /

4 reasons why veterans thrive as cybersecurity professionals 2024-11-11 at 07:35 By Help Net Security Through their past military service, veterans are trained to think like adversaries, often share that mission-driven spirit and excel when working with a team to achieve a larger goal. They develop and champion the unique traits that cybersecurity companies need […]

React to this headline:

Loading spinner

4 reasons why veterans thrive as cybersecurity professionals Read More »

Strategies for CISOs navigating hybrid and multi-cloud security

CISO, cloud security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Mirantis, misconfiguration, News, opinion, regulation, tips /

Strategies for CISOs navigating hybrid and multi-cloud security 2024-11-11 at 07:11 By Mirko Zorz In this Help Net Security interview, Alex Freedland, CEO at Mirantis, discusses the cloud security challenges that CISOs need to tackle as multi-cloud and hybrid environments become the norm. He points out the expanded attack surfaces, the importance of consistent security

React to this headline:

Loading spinner

Strategies for CISOs navigating hybrid and multi-cloud security Read More »

How human ingenuity continues to outpace automated security tools

Artificial Intelligence, cyber risk, cybersecurity, HackerOne, News, report, survey /

How human ingenuity continues to outpace automated security tools 2024-11-11 at 06:04 By Industry News 10% of security researchers now specialize in AI technology as 48% of security leaders consider AI to be one of the greatest risks to their organizations, according to HackerOne. HackerOne’s report combines perspectives from the researcher community, customers, and security

React to this headline:

Loading spinner

How human ingenuity continues to outpace automated security tools Read More »

Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability

News, Week in review /

Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability 2024-11-10 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has released fixes for an unauthenticated “zero-click” remote

React to this headline:

Loading spinner

Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability Read More »

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

CVE, Don't miss, Horizon3.ai, Hot stuff, News, Palo Alto Networks, PoC, vulnerability /

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) 2024-11-08 at 13:36 By Zeljka Zorz A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of Synopsys

React to this headline:

Loading spinner

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) Read More »

Apple’s 45-day certificate proposal: A call to action

apple, certificates, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, News, opinion, Venafi /

Apple’s 45-day certificate proposal: A call to action 2024-11-08 at 08:00 By Help Net Security In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a

React to this headline:

Loading spinner

Apple’s 45-day certificate proposal: A call to action Read More »

Am I Isolated: Open-source container security benchmark

containers, Don't miss, Edera, GitHub, Hot stuff, Kubernetes, News, open source, software /

Am I Isolated: Open-source container security benchmark 2024-11-08 at 07:30 By Mirko Zorz Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to improve users’

React to this headline:

Loading spinner

Am I Isolated: Open-source container security benchmark Read More »

Industrial companies in Europe targeted with GuLoader

Cado Security, Don't miss, Europe, Hot stuff, Malware, News, spear-phishing /

Industrial companies in Europe targeted with GuLoader 2024-11-07 at 15:48 By Zeljka Zorz A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a remote access trojan that would permit attackers to steal information from and access compromised computers whenever they wish.

React to this headline:

Loading spinner

Industrial companies in Europe targeted with GuLoader Read More »

North Korean hackers employ new tactics to compromise crypto-related businesses

APT, backdoor, Cryptocurrency, Don't miss, financial industry, Hot stuff, macOS, Malware, News, North Korea, phishing, SentinelOne /

North Korean hackers employ new tactics to compromise crypto-related businesses 2024-11-07 at 13:49 By Zeljka Zorz North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly containing helpful information on risks related to the rise of the price of Bitcoin have

React to this headline:

Loading spinner

North Korean hackers employ new tactics to compromise crypto-related businesses Read More »

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

access point, Cisco, CVE, Don't miss, energy sector, Hot stuff, manufacturing sector, maritime industry, News, vulnerability /

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) 2024-11-07 at 11:33 By Zeljka Zorz Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via a HTTP requests and allows complete compromise of the devices. There are no workarounds to address this

React to this headline:

Loading spinner

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) Read More »

How AI will shape the next generation of cyber threats

API security, Artificial Intelligence, attacks, Compliance, cybercriminals, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Prismatic, regulation, strategy /

How AI will shape the next generation of cyber threats 2024-11-07 at 08:08 By Mirko Zorz In this Help Net Security interview, Buzz Hillestad, CISO at Prismatic, discusses how AI’s advancement reshapes cybercriminal skillsets and lowers entry barriers for potential attackers. Hillestad highlights that, as AI tools become more accessible, organizations must adapt their defenses

React to this headline:

Loading spinner

How AI will shape the next generation of cyber threats Read More »

AWS security essentials for managing compliance, data protection, and threat detection

AWS, cloud security, Don't miss, Hot stuff, monitoring, News, strategy, threat monitoring, tips /

AWS security essentials for managing compliance, data protection, and threat detection 2024-11-07 at 07:03 By Help Net Security AWS offers a comprehensive suite of security tools to help organizations manage compliance, protect sensitive data, and detect threats within their environments. From AWS Security Hub and Amazon GuardDuty to Amazon Macie and AWS Config, each tool

React to this headline:

Loading spinner

AWS security essentials for managing compliance, data protection, and threat detection Read More »

Consumer privacy risks of data aggregation: What should organizations do?

cybersecurity, Data Protection, Don't miss, Expert analysis, Expert corner, Hot stuff, LOKKER, News, opinion, Privacy, regulation, risk /

Consumer privacy risks of data aggregation: What should organizations do? 2024-11-07 at 06:48 By Help Net Security In September 2024, the Federal Trade Commission (FTC) released an eye-opening report that digs into the data habits of nine major tech giants, including Amazon (Twitch), ByteDance (TikTok), Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, and YouTube. The findings

React to this headline:

Loading spinner

Consumer privacy risks of data aggregation: What should organizations do? Read More »

GoZone ransomware accuses and threatens victims

Don't miss, Elastio, Hot stuff, News, Ransomware, SonicWall, Windows /

GoZone ransomware accuses and threatens victims 2024-11-06 at 13:06 By Zeljka Zorz A new ransomware dubbed GoZone is being leveraged by attackers that don’t seem to be very greedy: they are asking the victims to pay just $1,000 in Bitcoin if they want their files decrypted. The GoZone HTML ransom note (Source: SonicWall) The ransom

React to this headline:

Loading spinner

GoZone ransomware accuses and threatens victims Read More »

The cybersecurity gender gap: How diverse teams improve threat response

cybersecurity, Don't miss, education, Features, Hot stuff, LinkedIn, News, opinion, skill development, training /

The cybersecurity gender gap: How diverse teams improve threat response 2024-11-06 at 07:33 By Mirko Zorz In this Help Net Security interview, Julie Madhusoodanan, Head of CyberSecurity at LinkedIn, discusses how closing the gender gap could enhance cybersecurity’s effectiveness in combating emerging threats. With women still underrepresented in cybersecurity roles, she emphasizes how diverse teams

React to this headline:

Loading spinner

The cybersecurity gender gap: How diverse teams improve threat response Read More »

Osmedeus: Open-source workflow engine for offensive security

Don't miss, GitHub, Hot stuff, News, open source, software /

Osmedeus: Open-source workflow engine for offensive security 2024-11-06 at 07:03 By Help Net Security Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists. Osmedeus key features Speed up your recon process Organize your

React to this headline:

Loading spinner

Osmedeus: Open-source workflow engine for offensive security Read More »

Identity-related data breaches cost more than average incidents

cybersecurity, data breach, identity, News, report, RSA, survey /

Identity-related data breaches cost more than average incidents 2024-11-06 at 06:01 By Help Net Security Identity-related data breaches are more severe and costly than run-of-the-mill incidents, according to RSA. 40% of respondents reported an identity-related security breach. Of those, 66% reported it as a severe event that affected their organization. 44% estimated that the total

React to this headline:

Loading spinner

Identity-related data breaches cost more than average incidents Read More »

Trustwave Strengthens Partnership with Microsoft to Enhance Cybersecurity in APAC

Managed Detection and Response, Microsoft Security, News /

Trustwave Strengthens Partnership with Microsoft to Enhance Cybersecurity in APAC 2024-11-06 at 00:03 By Trustwave has further solidified its partnership with Microsoft by achieving Microsoft FastTrack Ready partner status for Microsoft 365 and being named a Microsoft Verified Managed Extended Detection and Response (MXDR) solution provider for the Asia Pacific (APAC) region. This article is an excerpt

React to this headline:

Loading spinner

Trustwave Strengthens Partnership with Microsoft to Enhance Cybersecurity in APAC Read More »

Beware of phishing emails delivering backdoored Linux VMs!

backdoor, Don't miss, Hot stuff, Linux, News, phishing, Securonix, virtualization /

Beware of phishing emails delivering backdoored Linux VMs! 2024-11-05 at 16:05 By Zeljka Zorz Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The attack began with a phishing email, they believe, but they weren’t able to

React to this headline:

Loading spinner

Beware of phishing emails delivering backdoored Linux VMs! Read More »

Scroll to Top